Mailing List Archive

Hi Chris,

On 18/10/2023 19:13, Chris Rapier wrote:
> Do any of you have a wish list of things you'd like to see in ssh?

get Roumen Petrovs pkissh implementation merged and maintained upstream

I know this is a huge page with little chances to get accepted, but I'd
like to mention this, because it has been on my personal wish list for a
long time. Sure, I can install pkissh, but if it were upstream, another
5-10 years later, it would probably arrive in the distributions and get
used widely.

Martin

> On 18/10/2023 19:13, Chris Rapier wrote:
>> Do any of you have a wish list of things you'd like to see in ssh?
>
> get Roumen Petrovs pkissh implementation merged and maintained upstream
>
> I know this is a huge page with little chances to get accepted,
this should read "huge patch", sorry

Hey Chris,

On Wed, 2023-10-18 at 13:13 -0400, Chris Rapier wrote:
> Do any of you have a wish list of things you'd like to see in ssh?

Meanwhile, a lot of parts have to work together for SSH to work as
desired: ssh-client, ssh-agent, gpg-agent, scdaemon, sshd, pam, ....

As an admin who works with SSH all day in a company whose employees do
everything via SSH, I would like to see better debug options in the
entire stack with the long-term goal of being able to evaluate them
automatically with some data format (json, yaml). Sshd and ssh-agent
cannot be switched to 'debug' mode afterwards without shooting yourself
in the foot.

It would be nice if there were better ways to find out why something
didn't work. For example, we've had corporate firewalls that discarded
certain handshake packets and it was really hard to get the idea of
what was going wrong in the first place.

ESC~#

Börn Lässig
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

> On 23 Oct 2023, at 18:19, Martin Hecht <martin.hecht@hlrs.de> wrote:
>
> Hi Chris,
>
> On 18/10/2023 19:13, Chris Rapier wrote:
>> Do any of you have a wish list of things you'd like to see in ssh?
>
> get Roumen Petrovs pkissh implementation merged and maintained upstream

I’d second that. Improvement for X.509 support. Ideally well synced with PKCS#11 (which is working well) for physical devices.

Dw.

On Wed, 18 Oct 2023, at 19:13, Chris Rapier wrote:
> Hey all,
>
> So I do some development based on openssh and I'm trying to think of
> some new projects that might extend the functionality, feature set, user
> workflow, performance, etc of ssh.
>
> So open ended question:
>
> Do any of you have a wish list of things you'd like to see in ssh?

Line rate ssh. Like if I have a 10G pipe I should be able to push 10G through without spending significant effort tweaking it for this specific transfer. I know this is partially wishful thinking but I’d like it to be easier.

This might be QUIC or some other UDP layer, or it might be something else entirely.

ssh is my go to tool for shifting almost anything from one place to another, except where I’m limited by single tcp streams.

A+
Dave
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

You aren’t likely to see 10Gb line rate in a single process. Even without any encryption involved, you will only get between 2 and 5Gb using a single process (at least the last time I tried it). The problem is you saturate a CPU with protocol interrupt protocol overhead and you can spread a single data stream over multiple CPUs (at least not with TCP or anything else that assumes out of order packets == congestion). OTOH, if you use GCM on recent hardware where it has been accelerated, the encryption doesn’t add much overhead.

If you are talking multiple processes using accelerated GCM, then it’s possible to hit 10Gb. I would hazard a guess that 8 cores would be more than enough.

From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com@mindrot.org> On Behalf Of Dave Cottlehuber
Sent: Thursday, October 26, 2023 2:43 PM
To: Chris Rapier <rapier@psc.edu>
Cc: openssh-unix-dev@mindrot.org
Subject: [EXTERNAL] Re: ssh wish list?

[.EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recognize the sender and know the content is safe.]

On Wed, 18 Oct 2023, at 19:13, Chris Rapier wrote:
> Hey all,
>
> So I do some development based on openssh and I'm trying to think of
> some new projects that might extend the functionality, feature set, user
> workflow, performance, etc of ssh.
>
> So open ended question:
>
> Do any of you have a wish list of things you'd like to see in ssh?

Line rate ssh. Like if I have a 10G pipe I should be able to push 10G through without spending significant effort tweaking it for this specific transfer. I know this is partially wishful thinking but I’d like it to be easier.

This might be QUIC or some other UDP layer, or it might be something else entirely.

ssh is my go to tool for shifting almost anything from one place to another, except where I’m limited by single tcp streams.

A+
Dave
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org<mailto:openssh-unix-dev@mindrot.org>
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev<https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Another wish: mtcp
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev